(0Day) Microsoft Windows Error Reporting Service Missing Authorization Arbitrary Process Termination Vulnerability
Vulnerability Details
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Windows Error Reporting service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to terminate arbitrary processes and create a denial-of-service condition on the system.
Additional Details
01/23/24 – ZDI reported the vulnerability to the vendor.
01/29/24 – The vendor states that the report has minimal impact and does not meet their bar for servicing at this time, but it will be evaluated for upcoming releases.
01/29/24 – ZDI asked the vendor to reconsider their decision on this case as we have submitted ZDI-CAN-22907, a case that relies on the behavior outlined in this case, and there is potential for this vulnerability to play a role in future cases.
07/30/24 – ZDI asked for an update.
07/31/24 – The vendor confirmed our assessment but remained firm on their original stance.
08/05/24 – The ZDI informed the vendor that we are publishing this case as a zero-day advisory on 08/06/24.
-- Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application
Disclosure Timeline
- 2024-01-23 - Vulnerability reported to vendor
- 2024-08-06 - Coordinated public release of advisory
- 2024-08-15 - Advisory Updated
Credit
HeeChan Kim (@heegong123) of THEORI
